Expand CONTRIBUTING setup guide and Codex workflow helpers

[senamakel]

Summary

• expand CONTRIBUTING.md into a full development setup guide with prerequisites, clone/install, env configuration, run modes, validation commands, and local data locations
• correct stale contributor guidance around develop vs main, skills submodule language, and the current openhuman-core / Tauri workflow
• document the pnpm work --agent codex behavior and add a Codex-side /ship-and-babysit command prompt under .codex/commands/

Problem

• CONTRIBUTING.md required contributors to cross-reference multiple files to get a working local setup.
• The existing guide had drifted from the live repo state in a few important places, including branch targeting and desktop/tooling setup.
• Codex workflow parity was incomplete: pnpm work did not launch Codex in the requested yolo mode, and there was no repo-local Codex equivalent of the Claude ship-and-babysit command.

Solution

• rewrote the development setup section in CONTRIBUTING.md using current source-of-truth files (package.json, app/package.json, Cargo.toml, rust-toolchain.toml, and the env templates)
• linked out to GitBook chapters for deeper architecture and platform notes instead of duplicating large internal docs
• updated scripts/work so --agent codex uses codex exec --dangerously-bypass-approvals-and-sandbox, documented that behavior, and added .codex/commands/ship-and-babysit.md

Submission Checklist

If a section does not apply to this change, mark the item as N/A with a one-line reason. Do not delete items.

• N/A: docs and local workflow automation change only; no repo test surface was added or modified
• N/A: changed files are Markdown and shell workflow helpers outside the Vitest/cargo coverage matrix
• N/A: no feature rows in docs/TEST-COVERAGE-MATRIX.md were affected by this contributor/tooling update
• N/A: no feature IDs apply because the coverage matrix was unchanged
• No new external network dependencies introduced (GitHub CLI usage is existing contributor tooling)
• N/A: release manual smoke checklist is unaffected by contributor-doc and local workflow changes
• Linked issue closed via Closes #1441 in the ## Related section

Impact

• Contributor onboarding is now materially clearer from one file.
• pnpm work --agent codex now starts Codex in the requested no-approval mode, and the repo has a matching Codex ship-and-babysit prompt.
• No product runtime behavior is intended to change.

Related

• Closes: Expand CONTRIBUTING.md with Hermes-style development setup instructions #1441
• Follow-up PR(s)/TODOs:
  • N/A

---

AI Authored PR Metadata (required for Codex/Linear PRs)

Keep this section for AI-authored PRs. For human-only PRs, mark each field N/A.

Linear Issue

• Key: N/A (GitHub issue only)
• URL: N/A (GitHub issue only; Expand CONTRIBUTING.md with Hermes-style development setup instructions #1441)

Commit & Branch

• Branch: issue/1441-expand-contributing-md-with-hermes-style
• Commit SHA: 1ff1f7c5cfc24c6be5c32433723a061a023e51aa

Validation Run

• pnpm --filter openhuman-app format:check
• pnpm typecheck
• Focused tests: N/A: docs and shell workflow change only; validated with bash -n scripts/work/cli.sh scripts/work/start.sh
• Rust fmt/check (if changed): N/A: no Rust source files changed; rust fmt checks ran via pnpm format:check
• Tauri fmt/check (if changed): N/A: no Tauri source files changed; rust fmt checks ran via pnpm format:check

Validation Blocked

• command: N/A
• error: N/A
• impact: N/A

Behavior Changes

• Intended behavior change: contributor setup guidance is expanded and corrected; pnpm work --agent codex now launches Codex through codex exec --dangerously-bypass-approvals-and-sandbox; .codex/commands/ship-and-babysit.md adds a repo-local Codex babysit prompt.
• User-visible effect: contributors and agents get an updated setup guide and Codex workflow parity.

Parity Contract

• Legacy behavior preserved: non-Codex pnpm work --agent <tool> launches are unchanged.
• Guard/fallback/dispatch parity checks: scripts/work/start.sh only special-cases the literal codex agent name; all other agent invocations keep the existing direct <tool> "<prompt>" handoff.

Duplicate / Superseded PR Handling

• Duplicate PR(s): None
• Canonical PR: this PR
• Resolution (closed/superseded/updated): new canonical PR for this branch

Summary by CodeRabbit

• Documentation

  • Added a new runbook describing an end-to-end PR “ship-and-babysit” workflow, CI babysitting, and safe guardrails.
  • Rewrote the contributor guide with a clearer Getting Started, development setup, bootstrapping workflows, and PR checklist.
  • Clarified agent/workflow docs to describe explicit agent behaviors and handoffs.

• Chores

  • Updated work/CLI scripts to document and handle agent-specific dispatch and “yolo”/bypass modes.

[coderabbitai]

Warning

Rate limit exceeded

@senamakel has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 8 minutes and 44 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 842195c2-e387-415c-97e8-5d4c55f93a40

📥 Commits

Reviewing files that changed from the base of the PR and between c5f3b42 and 577774e.

📒 Files selected for processing (2)

• CONTRIBUTING.md
• scripts/work/start.sh

📝 Walkthrough

Walkthrough

This PR updates CONTRIBUTING.md with a detailed development setup and verification flow, adds a ship-and-babysit runbook for PR babysitting, and special-cases codex/cursor agent handoffs in the work scripts.

Changes

Contributing Guide Enhancement

Layer / File(s)	Summary
Documentation Structure & TOC CONTRIBUTING.md	Table of Contents expanded with new sections for Project Layout, Git Workflow, Making Changes, Submitting Changes, and Project Conventions.
Setup & Configuration Guide CONTRIBUTING.md	Getting Started bullets added; prerequisites table for Node/pnpm/Rust with version sources; clone/install steps updated for submodules; Configure for Development section added with root and app .env templates and mode-specific guidance.
Bootstrap Commands & Verification CONTRIBUTING.md	Numbered workflows enumerated (install, web dev, desktop dev, Tauri dev, standalone Rust core); explicit verification and test/check procedures documented with merge-gate context and command reference.
Project Layout & Conventions CONTRIBUTING.md	Local data paths section added; Project Layout refreshed with directory tree; Git Workflow, Making Changes, Submitting Changes, and Project Conventions sections rewritten with branch naming, PR checklist, and coding standards.

Codex Agent Workflow & Integration

Layer / File(s)	Summary
Ship-and-Babysit Runbook .codex/commands/ship-and-babysit.md	New file defines four-phase PR workflow: commit with conventional messages, push to origin with safety checks, open PR against main with template alignment, and babysit loop with CI polling, CodeRabbit comment retrieval via GitHub API, and thread resolution via GraphQL. Includes fork owner derivation from origin and explicit guardrails forbidding upstream pushes, force-pushes, and merges.
Work Script Documentation scripts/work/README.md, scripts/work/cli.sh	Documentation updated to specify that --agent codex passes the prompt to codex exec with --dangerously-bypass-approvals-and-sandbox flag (yolo mode). Usage text clarifies prompt passing for agent tools.
Codex Agent Implementation scripts/work/start.sh	Conditional logic added: when --agent equals codex, the prompt is passed to codex exec --dangerously-bypass-approvals-and-sandbox; for other agents, the standard agent CLI invocation is used. Documentation note explains yolo mode behavior.

Sequence Diagram(s)

sequenceDiagram
  participant Dev as Developer
  participant GitHub as GitHub
  participant CI as CI
  participant CodeRabbit as CodeRabbit
  Dev->>GitHub: push branch to origin
  Dev->>GitHub: open PR against main
  GitHub->>CI: trigger checks
  CI-->>GitHub: status updates (pass/fail)
  GitHub->>CodeRabbit: surface review threads/comments
  Dev->>GitHub: push fixes
  GitHub->>CI: re-run checks
  CI-->>CodeRabbit: updated statuses
  CodeRabbit-->>GitHub: review threads resolved

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• tinyhumansai/openhuman#1105: Modifies the same work scripts (scripts/work/cli.sh and start.sh) and agent flag handling.

Poem

🐰 I hop through docs and scripts with glee,

Ship, babysit, and guard the PR tree.
Codex takes the prompt in yolo mode,
CI checks loop until green's bestowed.
Quiet merges wait — let the threads be free.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely summarizes the two main changes: expanding CONTRIBUTING.md setup guide and adding Codex workflow helpers, matching the actual file modifications.
Linked Issues check	✅ Passed	The PR fully addresses all required elements from issue #1441: comprehensive prerequisites, clone/install guidance, environment configuration, multiple run modes, test/check mapping, project layout references, and resolved branch targeting from develop to main.
Out of Scope Changes check	✅ Passed	All changes are directly aligned with PR objectives. The .codex/commands/ship-and-babysit.md and scripts/work/ modifications support the Codex workflow helper goal, while documentation updates serve the expanded CONTRIBUTING guide objective.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

CONTRIBUTING.md (1)

124-129: ⚡ Quick win

Prefer debug wrappers first for iterative test/check examples

This guide still foregrounds direct cargo/Vitest-style commands in the main verification matrix. Suggest making pnpm debug ... the first-class iterative path and keeping direct commands explicitly as CI-parity/manual alternatives.

Suggested doc adjustment

-If setup is correct, these commands should all succeed:
+If setup is correct, these CI-parity commands should all succeed:

@@
-| Frontend unit tests | `pnpm test` or `pnpm test:coverage` | Vitest in `app/`. |
+| Frontend unit tests (iterating) | `pnpm debug unit ...` | Preferred wrapper for bounded logs during local iteration. |
+| Frontend unit tests (CI parity) | `pnpm test:coverage` | Required for changed-line coverage enforcement. |
@@
-| Rust tests | `pnpm test:rust` | Uses the shared mock backend wrapper. |
+| Rust tests (iterating) | `pnpm debug rust ...` | Preferred wrapper for focused local iteration. |
+| Rust tests (CI parity) | `pnpm test:rust` | Coverage/CI-aligned Rust test path. |

As per coding guidelines, “Use agent debug runners (scripts/debug/ wrappers) instead of invoking Vitest, WDIO, or cargo directly when iterating.”

Also applies to: 140-145

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@CONTRIBUTING.md` around lines 124 - 129, The verification matrix currently
lists direct commands (pnpm typecheck, pnpm lint, pnpm format:check, cargo check
...) as the primary iterative path; change it to prefer the debug-wrapper
approach by placing the pnpm debug scripts (e.g., scripts/debug/* and a generic
"pnpm debug <target>") first, and then keep the direct commands (pnpm typecheck,
pnpm lint, pnpm format:check, cargo check --manifest-path ...) as explicit
CI-parity/manual alternatives; apply the same reorder and wording change to the
second occurrence referenced around lines 140-145 and add a short note
recommending "Use agent debug runners (scripts/debug/) for iterative work, use
direct cargo/Vitest commands only for CI/manual parity."

.codex/commands/ship-and-babysit.md (1)

32-33: ⚡ Quick win

Require exact failing command and error output when using --no-verify.

At Line 32-33, the exception is too loose. Require the precise blocked command and stderr snippet in the PR body before allowing bypass, so validation claims stay auditable.

Suggested wording

-3. If the pre-push hook fails on unrelated pre-existing breakage, push with `--no-verify` and record that explicitly in the PR body. If the hook fails on your own changes, fix the problem and push again.
+3. If the pre-push hook fails on unrelated pre-existing breakage, include the exact blocked command and error output in the PR body, then push with `--no-verify`. If the hook fails on your own changes, fix the problem and push again.

As per coding guidelines, "If a command cannot run in the remote environment, report the exact blocked command and error instead of claiming validation passed."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.codex/commands/ship-and-babysit.md around lines 32 - 33, Update the
guidance sentence that permits pushing with --no-verify when pre-push hooks fail
so it requires the exact failing command and a stderr snippet to be recorded in
the PR body; specifically replace or augment the line that currently reads "If
the pre-push hook fails on unrelated pre-existing breakage, push with
`--no-verify` and record that explicitly in the PR body" to mandate including
the precise blocked command and the error output (stderr) in the PR body before
allowing bypass, and ensure the text distinguishes when the failure is from your
own changes vs unrelated pre-existing breakage.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@CONTRIBUTING.md`:
- Line 131: The sentence "If you only changed docs, you usually only need `pnpm
format:check`" is too broad; update it to scope docs-only validation to
non-AI-authored PRs and explicitly state that AI-authored or remote-agent PRs
must still follow the Codex checklist (referencing the codex PR checklist) and
either run the required checklist commands or report the exact blocked command
and error instead of claiming validation passed; replace the original line in
CONTRIBUTING.md with a clarified sentence that (1) limits `pnpm format:check`
guidance to regular docs-only changes and (2) adds a short note that
Codex/remote-agent PRs must follow the Codex checklist and must report blocked
commands/errors when commands cannot run.

In `@scripts/work/start.sh`:
- Around line 144-146: The current branch unconditionally calls codex exec
--dangerously-bypass-approvals-and-sandbox with user-controlled "$prompt" when
agent == "codex", creating a prompt-injection risk; modify start.sh to require
an explicit opt-in flag or environment variable (e.g., CHECK for
ALLOW_DANGEROUS_CODEX or a --allow-dangerous-codex CLI flag) before running the
dangerous command, and if the opt-in is not present fall back to a safe codex
invocation or exit with an error; reference the agent variable, the prompt
variable, and the codex exec --dangerously-bypass-approvals-and-sandbox
invocation when making this change.

---

Nitpick comments:
In @.codex/commands/ship-and-babysit.md:
- Around line 32-33: Update the guidance sentence that permits pushing with
--no-verify when pre-push hooks fail so it requires the exact failing command
and a stderr snippet to be recorded in the PR body; specifically replace or
augment the line that currently reads "If the pre-push hook fails on unrelated
pre-existing breakage, push with `--no-verify` and record that explicitly in the
PR body" to mandate including the precise blocked command and the error output
(stderr) in the PR body before allowing bypass, and ensure the text
distinguishes when the failure is from your own changes vs unrelated
pre-existing breakage.

In `@CONTRIBUTING.md`:
- Around line 124-129: The verification matrix currently lists direct commands
(pnpm typecheck, pnpm lint, pnpm format:check, cargo check ...) as the primary
iterative path; change it to prefer the debug-wrapper approach by placing the
pnpm debug scripts (e.g., scripts/debug/* and a generic "pnpm debug <target>")
first, and then keep the direct commands (pnpm typecheck, pnpm lint, pnpm
format:check, cargo check --manifest-path ...) as explicit CI-parity/manual
alternatives; apply the same reorder and wording change to the second occurrence
referenced around lines 140-145 and add a short note recommending "Use agent
debug runners (scripts/debug/) for iterative work, use direct cargo/Vitest
commands only for CI/manual parity."

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5c141b53-1504-4927-9e21-8ab32200cdff

📥 Commits

Reviewing files that changed from the base of the PR and between c4fc70c and 1ff1f7c.

📒 Files selected for processing (5)

• .codex/commands/ship-and-babysit.md
• CONTRIBUTING.md
• scripts/work/README.md
• scripts/work/cli.sh
• scripts/work/start.sh